DOI: 10.1145/3584931.3607007
research-article

A Proposal to Study Shoulder-Surfing Resistant Authentication for Augmented and Virtual Reality: Replication Study in the US

Published: 14 October 2023

Abstract

In recent years, augmented and virtual reality (AR/VR) technologies have advanced significantly, becoming more accessible and practical for various industries and applications. However, as AR/VR usage increases, new digital threats have emerged, such as data exchange in shared spaces. Prior research on graphical authentication has proposed the Things scheme [21], and we plan to adapt it to the AR/VR domain. The scheme, in combination with the private display available to users in AR/VR, is resistant to shoulder-surfing attacks. Inspired by the work of Duezguen et al. [12], who conducted a user study applying the Things scheme in AR with 16 users in Germany, this short paper proposes a replication study that will implement the Things scheme in both AR and VR. We will recruit eligible participants for the in-lab study, which will involve the use of HoloLens and Valve Index to test the Things scheme, and we will evaluate the effectiveness of the scheme, the interaction modes for usability, and users’ risk perception concerning security. Additionally, we will conduct a comparative analysis of cross-cultural disparities between the participants in Germany and in the USA.

References

[1]
Charvi Agarwal and Narina Thakur. 2014. The evolution and future scope of augmented reality. International Journal of Computer Science Issues (IJCSI) 11, 6 (2014), 59.
[2]
Abrar Alismail, Esra Altulaihan, MM Hafizur Rahman, and Abu Sufian. 2022. A Systematic Literature Review on Cybersecurity Threats of Virtual Reality (VR) and Augmented Reality (AR). Data Intelligence and Cognitive Informatics: Proceedings of ICDICI 2022 1, 1 (2022), 761–774.
[3]
Antonella De Angeli, Lynne Coventry, Graham Johnson, and Karen Renaud. 2005. Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems. International Journal of Human-Computer Studies 63, 1 (2005), 128 – 152. http://eprints.gla.ac.uk/13858/
[4]
Adam J. Aviv, John T. Davin, Flynn Wolf, and Ravi Kuber. 2017. Towards Baselines for Shoulder Surfing on Mobile Authentication. In Proceedings of the 33rd Annual Computer Security Applications Conference (Orlando, FL, USA) (ACSAC ’17). Association for Computing Machinery, New York, NY, USA, 486–498. https://doi.org/10.1145/3134600.3134609
[5]
Arman Bhalla, Ivo Sluganovic, Klaudia Krawiecka, and Ivan Martinovic. 2021. MoveAR: Continuous biometric authentication for augmented reality headsets. In Proceedings of the 7th ACM on Cyber-Physical System Security Workshop. Proceedings of the 7th ACM on Cyber-Physical System Security Workshop, New York, NY, USA, 41–52.
[6]
Fadi Boutros, Naser Damer, Kiran Raja, Raghavendra Ramachandra, Florian Kirchbuchner, and Arjan Kuijper. 2020. Iris and periocular biometrics for head mounted displays: Segmentation, recognition, and synthetic data generation. Image and Vision Computing 104 (2020), 104007.
[7]
L Jean Camp. 2009. Mental models of privacy and security. IEEE Technology and society magazine 28, 3 (2009), 37–46.
[8]
Juan Miguel Carrascosa, Jakub Mikians, Ruben Cuevas, Vijay Erramilli, and Nikolaos Laoutaris. 2015. I always feel like somebody’s watching me: measuring online behavioural advertising. In Proceedings of the 11th ACM Conference on Emerging Networking Experiments and Technologies. Proceedings of the 11th ACM Conference on Emerging Networking Experiments and Technologies, New York, NY, USA, 1–13.
[9]
Song Chen, Zupei Li, Fabrizio Dangelo, Chao Gao, and Xinwen Fu. 2018. A case study of security and privacy threats from augmented reality (ar). In 2018 International Conference on Computing, Networking and Communications (ICNC). IEEE, 2018 International Conference on Computing, Networking and Communications (ICNC), New York, NY, USA, 442–446.
[10]
Sanchari Das, Andrew Dingman, and L. Jean Camp. 2018. Why Johnny Doesn’t Use Two Factor A Two-Phase Usability Study of the FIDO U2F Security Key. In Financial Cryptography and Data Security, Sarah Meiklejohn and Kazue Sako (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 160–179.
[11]
Darren Davis, Fabian Monrose, and Michael K Reiter. 2004. On user choice in graphical password schemes. In USENIX security symposium, Vol. 13. USENIX security symposium, New York, NY, USA, 11–11.
[12]
Reyhan Düzgün, Peter Mayer, and Melanie Volkamer. 2022. Shoulder-Surfing Resistant Authentication for Augmented Reality. In Nordic Human-Computer Interaction Conference. Nordic Human-Computer Interaction Conference, New York, NY, USA, 1–13.
[13]
Fariborz Farahmand and Eugene H Spafford. 2013. Understanding insiders: An analysis of risk-taking behavior. Information systems frontiers 15 (2013), 5–15.
[14]
Baruch Fischhoff, Paul Slovic, Sarah Lichtenstein, Stephen Read, and Barbara Combs. 1978. How safe is safe enough? A psychometric study of attitudes towards technological risks and benefits. Policy sciences 9 (1978), 127–152.
[15]
Agata Kołakowska. 2013. A review of emotion recognition methods based on keystroke dynamics and mouse movements. In 2013 6th international conference on human system interactions (HSI). IEEE, 2013 6th international conference on human system interactions (HSI), New York, NY, USA, 548–555.
[16]
Arash Habibi Lashkari, Samaneh Farmand, Dr Zakaria, Omar Bin, Dr Saleh, 2009. Shoulder surfing attack in graphical password authentication. arXiv preprint arXiv:0912.0951 6, 2 (2009), 145–154.
[17]
SP Leo Kumar. 2019. Knowledge-based expert system in manufacturing planning: state-of-the-art review. International Journal of Production Research 57, 15-16 (2019), 4766–4790.
[18]
James R Lewis. 2018. The system usability scale: past, present, and future. International Journal of Human–Computer Interaction 34, 7 (2018), 577–590.
[19]
Huigang Liang, Yajiong Lucky Xue, 2010. Understanding security behaviors in personal computer usage: A threat avoidance perspective. Journal of the association for information systems 11, 7 (2010), 1.
[20]
Peter Mayer and Melanie Volkamer. 2015. Secure and Efficient Key Derivation in Portfolio Authentication Schemes Using Blakley Secret Sharing. In Proceedings of the 31st Annual Computer Security Applications Conference (Los Angeles, CA, USA) (ACSAC ’15). Association for Computing Machinery, New York, NY, USA, 431–440. https://doi.org/10.1145/2818000.2818043
[21]
Peter Mayer, Melanie Volkamer, and Michaela Kauer. 2014. Authentication schemes-comparison and effective password spaces. In Information Systems Security: 10th International Conference, ICISS 2014, Hyderabad, India, December 16-20, 2014, Proceedings 10. Springer, Information Systems Security: 10th International Conference, ICISS 2014, Hyderabad, India, December 16-20, 2014, Proceedings 10, New York, NY, USA, 204–225.
[22]
Luis Muñoz-Saavedra, Lourdes Miró-Amarante, and Manuel Domínguez-Morales. 2020. Augmented and virtual reality evolution and future tendency. Applied sciences 10, 1 (2020), 322.
[23]
Anand Nayyar, Bandana Mahapatra, D Le, and G Suseendran. 2018. Virtual Reality (VR) & Augmented Reality (AR) technologies for tourism and hospitality industry. International journal of engineering & technology 7, 2.21 (2018), 156–160.
[24]
Naheem Noah and Sanchari Das. 2021. Exploring evolution of augmented and virtual reality education space in 2020 through systematic literature review. Computer Animation and Virtual Worlds 32, 3-4 (2021), e2020.
[25]
Naheem Noah, Sommer Shearer, and Sanchari Das. 2022. Security and privacy evaluation of popular augmented and virtual reality technologies. In Proceedings of the 2022 IEEE International Conference on Metrology for eXtended Reality, Artificial Intelligence, and Neural Engineering (IEEE MetroXRAINE 2022). Proceedings of the 2022 IEEE International Conference on Metrology for eXtended Reality, Artificial Intelligence, and Neural Engineering (IEEE MetroXRAINE 2022), New York, NY, USA, 1.
[26]
Supaporn Noiwan, Matthew Warren, Linda O’Conner, and Yvonne O’Connor. 2006. Cultural issues in information systems outsourcing: An empirical study. Journal of Information Technology 21, 3 (2006), 159–170.
[27]
S Camille Peres, Tri Pham, and Ronald Phillips. 2013. Validation of the system usability scale (SUS) SUS in the wild. In Proceedings of the human factors and ergonomics society annual meeting, Vol. 57. SAGE Publications Sage CA: Los Angeles, CA, Proceedings of the human factors and ergonomics society annual meeting, New York, NY, USA, 192–196.
[28]
Prashanth Rajivan, Pablo Moriano, Timothy Kelley, and L Jean Camp. 2017. Factors in an end user security expertise instrument. Information & Computer Security 25, 2 (2017), 190–205.
[29]
Cynthia E Rogers, Alexander W Witt, Alexander D Solomon, and Krishna K Venkatasubramanian. 2015. An approach for user identification for head-mounted displays. In Proceedings of the 2015 ACM International Symposium on Wearable Computers. Proceedings of the 2015 ACM International Symposium on Wearable Computers, USA, 143–146.
[30]
Joseph M Rosen, Hooman Soltanian, Richard J Redett, and Donald R Laub. 1996. Evolution of virtual reality [Medicine]. IEEE Engineering in Medicine and Biology Magazine 15, 2 (1996), 16–22.
[31]
Harsh Kumar Sarohi and Farhat Ullah Khan. 2013. Graphical password authentication schemes: current status and key issues. International Journal of Computer Science Issues (IJCSI) 10, 2 Part 1 (2013), 437.
[32]
Stefan Schneegass, Youssef Oualil, and Andreas Bulling. 2016. SkullConduct: Biometric user identification on eyewear computers using bone conduction through the skull. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems. Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, USA, 1379–1384.
[33]
Sophie Stephenson, Bijeeta Pal, Stephen Fan, Earlence Fernandes, Yuhang Zhao, and Rahul Chatterjee. 2022. Sok: Authentication in augmented and virtual reality. In 2022 IEEE Symposium on Security and Privacy (SP). IEEE, 2022 IEEE Symposium on Security and Privacy (SP), New York, NY, USA, 267–284.
[34]
Hung-Min Sun, Shiuan-Tung Chen, Jyh-Haw Yeh, and Chia-Yun Cheng. 2016. A shoulder surfing resistant graphical authentication system. IEEE Transactions on Dependable and Secure Computing 15, 2 (2016), 180–193.
[35]
Zsolt Szalavári, Erik Eckstein, and Michael Gervautz. 1998. Collaborative gaming in augmented reality. In Proceedings of the ACM symposium on Virtual reality software and technology. Proceedings of the ACM symposium on Virtual reality software and technology, New York, NY, USA, 195–204.
[36]
Furkan Tari, A Ant Ozok, and Stephen H Holden. 2006. A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords. In Proceedings of the second symposium on Usable privacy and security. Proceedings of the second symposium on Usable privacy and security, New York, NY, USA, 56–66.
[37]
Barbara Tversky. 1973. Encoding Processes in Recognition and Recall. Cognitive Psychology 5, 3 (1973), 275 – 287. https://doi.org/10.1016/0010-0285(73)90037-6
[38]
Vivek Veeraiah, K Ranjit Kumar, P Lalitha Kumari, Shahanawaj Ahamad, Rohit Bansal, and Ankur Gupta. 2022. Application of Biometric System to Enhance the Security in Virtual World. In 2022 2nd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE). IEEE, 2022 2nd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE), New York, NY, USA, 719–723.
[39]
Yang Wang. 2018. Inclusive security and privacy. IEEE Security & Privacy 16, 4 (2018), 82–87.
[40]
Waqas Wazir, Hasan Ali Khattak, Ahmad Almogren, Mudassar Ali Khan, and Ikram Ud Din. 2020. Doodle-based authentication technique using augmented reality. IEEE Access 8 (2020), 4022–4034.
[41]
Minrui Xu, Wei Chong Ng, Wei Yang Bryan Lim, Jiawen Kang, Zehui Xiong, Dusit Niyato, Qiang Yang, Xuemin Shen, and Chunyan Miao. 2023. A Full Dive Into Realizing the Edge-Enabled Metaverse: Visions, Enabling Technologies, and Challenges. IEEE Communications Surveys & Tutorials 25, 1 (2023), 656–700. https://doi.org/10.1109/COMST.2022.3221119
[42]
Nur Haryani Zakaria, David Griffiths, Sacha Brostoff, and Jeff Yan. 2011. Shoulder surfing defence for recall-based graphical passwords. In Proceedings of the seventh symposium on usable privacy and security. Proceedings of the seventh symposium on usable privacy and security, New York, NY, USA, 1–12.
[43]
Verena Zimmermann and Nina Gerber. 2020. The password is dead, long live the password–A laboratory study on user perceptions of authentication schemes. International Journal of Human-Computer Studies 133 (2020), 26–44.

Cited By

  • (2024) Enhancing Replicability in XR HCI Studies: A Survey-Based Approach. 2024 IEEE International Symposium on Mixed and Augmented Reality Adjunct (ISMAR-Adjunct), pp. 42-46. DOI: 10.1109/ISMAR-Adjunct64951.2024.00020. Online publication date: 21-Oct-2024

        Published In

        CSCW '23 Companion: Companion Publication of the 2023 Conference on Computer Supported Cooperative Work and Social Computing
        October 2023
        596 pages
        ISBN:9798400701290
        DOI:10.1145/3584931
        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Author Tags

        1. Augmented Reality
        2. Graphical Authentication
        3. Virtual Reality

        Qualifiers

        • Research-article
        • Research
        • Refereed limited

        Conference

        CSCW '23
        Acceptance Rates

        Overall Acceptance Rate 2,235 of 8,521 submissions, 26%
